In the early 2000's, software as a service (SaaS) established itself as a better way to deliver business value with an “on demand” model. SaaS broke the painful cycle of buying expensive software suites with bloated feature sets and unrealized promises, coupled with uncertain and risky outcomes. Companies like Salesforce.com, Taleo, Postini, Qualys, WebEx and Netsuite experienced meteoric growth. With growth came growing pains and companies found that SaaS alone wasn't a silver bullet.
SaaS was a game changer in customer relation management (CRM), enterprise resource planning (ERP), collaboration, email and network security because it solved the cost and complexity problems that dogged many enterprise software deployments. One of the most expensive and complex IT problems—identity management—remained to be addressed.
The lack of an identity management capability for SaaS had two implications. The first was the lack of a purpose-built SaaS identity solution to solve the unique authentication, access, provisioning and authorization problems encountered when deploying SaaS apps. The second ramification was the continued focus of identity solutions as an expensive enterprise infrastructure for the enterprise market. This continues to keep the benefits of identity management beyond the reach of most midmarket companies.
Identity management is complex and involves a lot of “moving parts” which is why historically identity management systems were themselves complex. The first-generation identity approach requires tremendous expertise in identity, security, middleware, databases, directories, web/app servers, backed by a team of administrators, developers, integrators, auditors—just to get the foundations in place.
Factor in deployment and integration efforts and these massive first-generation identity projects often took years to get up and working. Compounding the problem is the constant change and upgrade cycles. It wasn't uncommon for a modest deployment of several thousand identities to cost many hundreds of thousands of dollars.
Although present identity management technologies are somewhat functional, they are overly complex or otherwise unsatisfactory. Accordingly, a system and method are needed to address the shortfalls of present technology and to provide other new and innovative features.